1 files changed, 26 insertions, 0 deletions

diff --git a/sys-freebsd/freebsd-sources/files/freebsd-sources-9.1-cve-2013-3077.patch b/sys-freebsd/freebsd-sources/files/freebsd-sources-9.1-cve-2013-3077.patch
new file mode 100644
index 000000000000..23f68ed9c3db
--- /dev/null
+++ b/sys-freebsd/freebsd-sources/files/freebsd-sources-9.1-cve-2013-3077.patch
@@ -0,0 +1,26 @@
+Index: sys/netinet/in_mcast.c
+===================================================================
+--- sys/netinet/in_mcast.c	(revision 254252)
++++ sys/netinet/in_mcast.c	(working copy)
+@@ -1648,6 +1648,8 @@
+ 	 * has asked for, but we always tell userland how big the
+ 	 * buffer really needs to be.
+ 	 */
++	if (msfr.msfr_nsrcs > in_mcast_maxsocksrc)
++		msfr.msfr_nsrcs = in_mcast_maxsocksrc;
+ 	tss = NULL;
+ 	if (msfr.msfr_srcs != NULL && msfr.msfr_nsrcs > 0) {
+ 		tss = malloc(sizeof(struct sockaddr_storage) * msfr.msfr_nsrcs,
+Index: sys/netinet6/in6_mcast.c
+===================================================================
+--- sys/netinet6/in6_mcast.c	(revision 254252)
++++ sys/netinet6/in6_mcast.c	(working copy)
+@@ -1625,6 +1625,8 @@
+ 	 * has asked for, but we always tell userland how big the
+ 	 * buffer really needs to be.
+ 	 */
++	if (msfr.msfr_nsrcs > in6_mcast_maxsocksrc)
++		msfr.msfr_nsrcs = in6_mcast_maxsocksrc;
+ 	tss = NULL;
+ 	if (msfr.msfr_srcs != NULL && msfr.msfr_nsrcs > 0) {
+ 		tss = malloc(sizeof(struct sockaddr_storage) * msfr.msfr_nsrcs,